Skip to content

Commit

Permalink
HttpEndpointSpec.DynamicUrl
Browse files Browse the repository at this point in the history
Signed-off-by: Alex Snaps <[email protected]>
  • Loading branch information
alexsnaps committed Oct 15, 2024
1 parent 067f83d commit 8eed1ec
Show file tree
Hide file tree
Showing 8 changed files with 91 additions and 11 deletions.
2 changes: 2 additions & 0 deletions api/v1beta3/auth_config_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -449,6 +449,8 @@ type HttpEndpointSpec struct {
// E.g. https://ext-auth-server.io/metadata?p={request.path}
Url string `json:"url"`

UrlExpression CelExpression `json:"urlExpression,omitempty"`

// HTTP verb used in the request to the service. Accepted values: GET (default), POST.
// When the request method is POST, the authorization JSON is passed in the body of the request.
// +optional
Expand Down
1 change: 1 addition & 0 deletions api/v1beta3/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

11 changes: 11 additions & 0 deletions controllers/auth_config_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -896,8 +896,19 @@ func (r *AuthConfigReconciler) buildGenericHttpEvaluator(ctx context.Context, ht
method = string(*m)
}

var dynamicEndpoint *cel.Expression
if http.UrlExpression.Expression != "" {
endpoint, err := cel.NewStringExpression(http.UrlExpression.Expression)
if err != nil {
return nil, err
} else {
dynamicEndpoint = endpoint
}
}

ev := &metadata_evaluators.GenericHttp{
Endpoint: http.Url,
DynamicEndpoint: dynamicEndpoint,
Method: method,
Body: body,
Parameters: params,
Expand Down
15 changes: 15 additions & 0 deletions install/crd/authorino.kuadrant.io_authconfigs.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5291,6 +5291,11 @@ spec:
by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON.
E.g. https://ext-auth-server.io/metadata?p={request.path}
type: string
urlExpression:
properties:
expression:
type: string
type: object
required:
- url
type: object
Expand Down Expand Up @@ -5751,6 +5756,11 @@ spec:
by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON.
E.g. https://ext-auth-server.io/metadata?p={request.path}
type: string
urlExpression:
properties:
expression:
type: string
type: object
required:
- url
type: object
Expand Down Expand Up @@ -6052,6 +6062,11 @@ spec:
by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON.
E.g. https://ext-auth-server.io/metadata?p={request.path}
type: string
urlExpression:
properties:
expression:
type: string
type: object
required:
- url
type: object
Expand Down
15 changes: 15 additions & 0 deletions install/manifests.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -5767,6 +5767,11 @@ spec:
by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON.
E.g. https://ext-auth-server.io/metadata?p={request.path}
type: string
urlExpression:
properties:
expression:
type: string
type: object
required:
- url
type: object
Expand Down Expand Up @@ -6227,6 +6232,11 @@ spec:
by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON.
E.g. https://ext-auth-server.io/metadata?p={request.path}
type: string
urlExpression:
properties:
expression:
type: string
type: object
required:
- url
type: object
Expand Down Expand Up @@ -6528,6 +6538,11 @@ spec:
by https://pkg.go.dev/github.com/tidwall/gjson and selects value from the authorization JSON.
E.g. https://ext-auth-server.io/metadata?p={request.path}
type: string
urlExpression:
properties:
expression:
type: string
type: object
required:
- url
type: object
Expand Down
13 changes: 12 additions & 1 deletion pkg/evaluators/metadata/generic_http.go
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@ import (
"github.com/kuadrant/authorino/pkg/auth"
"github.com/kuadrant/authorino/pkg/context"
"github.com/kuadrant/authorino/pkg/expressions"
"github.com/kuadrant/authorino/pkg/expressions/cel"
"github.com/kuadrant/authorino/pkg/json"
"github.com/kuadrant/authorino/pkg/log"
"github.com/kuadrant/authorino/pkg/oauth2"
Expand All @@ -23,6 +24,7 @@ import (

type GenericHttp struct {
Endpoint string
DynamicEndpoint *cel.Expression
Method string
Body expressions.Value
Parameters []json.JSONProperty
Expand All @@ -40,7 +42,16 @@ func (h *GenericHttp) Call(pipeline auth.AuthPipeline, ctx gocontext.Context) (i
}

authJSON := pipeline.GetAuthorizationJSON()
endpoint := json.ReplaceJSONPlaceholders(h.Endpoint, authJSON)
var endpoint string
if h.DynamicEndpoint != nil {
if val, err := h.DynamicEndpoint.EvaluateStringValue(authJSON); err != nil {
return nil, err
} else {
endpoint = val
}
} else {
endpoint = json.ReplaceJSONPlaceholders(h.Endpoint, authJSON)
}

req, err := h.buildRequest(ctx, endpoint, authJSON)
if err != nil {
Expand Down
2 changes: 1 addition & 1 deletion pkg/evaluators/response/dynamic_cel.go
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ func NewDynamicCelResponse(expression string) (*DynamicCEL, error) {

cel_exp := DynamicCEL{}

if program, err := cel.Compile(expression, false); err != nil {
if program, err := cel.Compile(expression, nil); err != nil {
return nil, err
} else {
cel_exp.program = program
Expand Down
43 changes: 34 additions & 9 deletions pkg/expressions/cel/expressions.go
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ type Predicate struct {
}

func NewPredicate(source string) (*Predicate, error) {
program, err := Compile(source, true)
program, err := Compile(source, cel.BoolType)
if err != nil {
return nil, err
}
Expand Down Expand Up @@ -51,7 +51,7 @@ type Expression struct {
}

func NewExpression(source string) (*Expression, error) {
program, err := Compile(source, false)
program, err := Compile(source, nil)
if err != nil {
return nil, err
}
Expand All @@ -61,13 +61,19 @@ func NewExpression(source string) (*Expression, error) {
}, nil
}

func (e *Expression) ResolveFor(json string) (interface{}, error) {
input, err := AuthJsonToCel(json)
func NewStringExpression(source string) (*Expression, error) {
program, err := Compile(source, cel.StringType)
if err != nil {
return nil, err
}
return &Expression{
program: program,
source: source,
}, nil
}

result, _, err := e.program.Eval(input)
func (e *Expression) ResolveFor(json string) (interface{}, error) {
result, _, err := e.Evaluate(json)
if err != nil {
return nil, err
}
Expand All @@ -79,7 +85,26 @@ func (e *Expression) ResolveFor(json string) (interface{}, error) {
}
}

func Compile(expression string, predicate bool, opts ...cel.EnvOption) (cel.Program, error) {
func (e *Expression) Evaluate(json string) (ref.Val, *cel.EvalDetails, error) {
input, err := AuthJsonToCel(json)
if err != nil {
return nil, nil, err
}

return e.program.Eval(input)
}

func (e *Expression) EvaluateStringValue(json string) (string, error) {
if result, _, err := e.Evaluate(json); err != nil {
return "", err
} else if !reflect.DeepEqual(result.Type(), cel.StringType) {
return "", err
} else {
return result.Value().(string), nil
}
}

func Compile(expression string, expectedType *cel.Type, opts ...cel.EnvOption) (cel.Program, error) {
envOpts := append([]cel.EnvOption{cel.Declarations(
decls.NewConst(RootAuthBinding, decls.NewObjectType("google.protobuf.Struct"), nil),
decls.NewConst(RootContextBinding, decls.NewObjectType("google.protobuf.Struct"), nil),
Expand All @@ -99,9 +124,9 @@ func Compile(expression string, predicate bool, opts ...cel.EnvOption) (cel.Prog
return nil, issues.Err()
}

if predicate {
if !reflect.DeepEqual(checked.OutputType(), cel.BoolType) && !reflect.DeepEqual(checked.OutputType(), cel.DynType) {
return nil, fmt.Errorf("type error: got %v, wanted %v output type", checked.OutputType(), cel.BoolType)
if expectedType != nil {
if !reflect.DeepEqual(checked.OutputType(), expectedType) && !reflect.DeepEqual(checked.OutputType(), cel.DynType) {
return nil, fmt.Errorf("type error: got %v, wanted %v output type", checked.OutputType(), expectedType)
}
}

Expand Down

0 comments on commit 8eed1ec

Please sign in to comment.